It's about 200 pages, which about half of it review web concepts (theory and practice) from a security perspective. The other half has mostly advanced theory/practice about web security and the secure framework around it (with respect to an actual web application framework).

Unfortunately I was pushed hard by the deadline for this, and it's not what I could call a thesis done by me, but this is probably 10 times better than any other. A glossary of the terms is also included as an appendix.

I did this thesis based on my 5 years of active career as a security expert, my 4.5 years of active OWASP participation (with a lot of code review, coding and standard review on many projects such as ESAPI, ASVS, WebGoat, etc.) and my 3 years of lead developer in jFramework.